From server1, I have access to the desired UNC path, and this same user is running splunk, so I know access is not an issue.
\etc\apps\search\local\inputs.conf
[monitor://\\SANCIFS_TDC_NETAPP01A.SAN.MyCompany.Com\CIFS_COGNOS$\Test\Logs]
disabled = false
host = sancifs_test
index = default
sourcetype = motio_test
I have tried many different permutations of the forward and back slash for my monitor stanza, but nothing has worked so far.
What am I doing wrong?
Thanks, Sean
dang, that is going to make me mad. I set the Service to run as a different user, and it now works. (figuring out the syntax of how to get Windows to recognize the user was quite a chore)
dang, that is going to make me mad. I set the Service to run as a different user, and it now works. (figuring out the syntax of how to get Windows to recognize the user was quite a chore)
Is the indexer (or forwarder) a linux or window box?
If windows, might it be that the "local system account" under which splunk runs by default has no access to that folder?
Uhm, is that a dollar sign after COGNOS? Is it supported in paths?
1) Yes, I have restarted Splunk after updating the inputs.conf
2) Splunk 4.1.1 (build 78281)
3) 14 files
few standard questions: 1- Have you restarted splunk after changing the config file? 2 - what version of splunk are you using? how many files are in the Logs directory?